-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Will McCutcheon writes: >I am running SpamAssassin 2.61 with Sendmail 8.12.8 using Procmail 3.22. > >I have a mail server running on a cable modem whose IP is a dynamic >pool, so I of course am blacklisted in several RBL's. I am a good boy, >so I have my mail server direct all outgoing mail through my ISP's mail >server and have "trusted_networks MYIPADDRESS" in >/etc/mail/spamassassin/local.cf . This works dandy for most e-mails I >get, SpamAssassin correctly ignoring the fact that it was received on >my blacklisted server. However, I've run into a particular situation >where this doesn't work the way the documentation for >Mail::SpamAssassin::Conf leads me to believe that it should. > >One of the web sites I host on my server (let us call this server A) >has a mailing list that actually lives on a different server (server >B). So, I have a forward in Sendmail on server A that redirects >messages sent to the mailing list over to the correct list on server B. > I am a member of this list and my mail account lives back on server A. > So let's say you send an e-mail to the mailing list, it goes to server >A which forwards it through my ISP's mail server to the list on server >B, which then sends out the message to all the appropriate mailing list >recipients, including me back on server A. A little complicated, but I >think it's still reasonable and it's never been a problem before. > >However, when it finally makes its way to me, SpamAssassin flags server >A's IP as being in an RBL of dynamic IP's, despite my setting in >/etc/mail/spamassassin/local.cf instructing it to trust that IP. The >documentation for Mail::SpamAssassin::Conf seems to pretty clearly say >that RBL checks will never be performed on any trusted IP's, but it >certainly appears to be occurring here. Yep -- this is a case where it will occur. This is because the mail has gone *outside* of the trusted zone -- and the untrusted host B could be under the control of spammer who just forged a Received header to make it look like it came from the trusted host A. We can't trust that. Same for the next case btw. - --j. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Exmh CVS iD8DBQFADzIVQTcbUG5Y7woRAlSrAKCYn3JxmiYnEdRKRrKdtCxmtXuxJgCg0q2+ lUnZsP4QHiIQG23+fi+0cFA= =25di -----END PGP SIGNATURE----- ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
